<?php

  require_once('config.php');

  // Contact form
  if (isset($_POST['submit'])) { // Handle the form.

    // Include myCheckContact class template
    include "cms/functions/check-email.php";

    // Create new object from class template
    $mycheckcontact = &New myCheckContact();

    // NAME: populate the object variable
    $mycheckcontact->name = $_POST['name'];
    // Run the checkName function
    $checkName = $mycheckcontact->checkName();
    if(!$checkName) { // If function returns false
      $problem = true;
      $response0 = "You didn't enter your name.<br />";
    }

    // EMAIL: ditto
    $mycheckcontact->email = $_POST['email'];
    $checkEmail = $mycheckcontact->checkEmail();
    if(!$checkEmail) {
      $problem = true;
      $response1 = "You didn't enter a valid email address.<br />";
    }

    // COMMENT: ditto
    $mycheckcontact->comment = $_POST['comment'];
    $checkComment = $mycheckcontact->checkComment();
    if(!$checkComment) {
      $problem = true;
      $response2 = "You didn't specify your enquiry.<br />";
    }

    // ANTI SPAM
    // First, make sure the form was posted from a browser.
    if(!isset($_SERVER['HTTP_USER_AGENT'])){
      die("Forbidden. You are not authorized to view this page.");
      exit;
    }

    // Make sure the form was indeed POSTed.
    if(!$_SERVER['REQUEST_METHOD'] == "POST"){ 
      die("Forbidden. You are not authorized to view this page.");
      exit;
    }

    // Host names from where the form is authorized to be posted from.
    $authHosts = array("yourdomain.com", "yourdomain.com", "yourdomain.com");

    // Where have we been posted from?
    $fromArray = parse_url(strtolower($_SERVER['HTTP_REFERER']));

    // Test to see if the $fromArray used www to get here.
    $wwwUsed = strpos($fromArray['host'], "www.");


   
    // Make sure the form was posted from an approved host name.
//rem by laurie  30Aug08
 /*   if(!in_array(($wwwUsed === false ? $fromArray['host'] : substr(stristr($fromArray['host'], '.'), 1)), $authHosts)){
      header("HTTP/1.0 403 Forbidden");
      exit;
    }
*/
    // Attempt to defend against header injections:
    $badStrings = array("Content-Type:", "MIME-Version:", "Content-Transfer-Encoding:", "bcc:", "cc:");
//echo "got to here ok";
    // Loop through each POSTed value and test for $badStrings.
    foreach($_POST as $k => $v){
      foreach($badStrings as $v2){
        if(strpos($v, $v2) !== false){
          header("HTTP/1.0 403 Forbidden");
          exit;
        }
      }
    }

    // Made it past spammer test, free up some memory & proceed.
    unset($k, $v, $v2, $badStrings);
    // ANTI SPAM ends.

    // Attempt to strip out the backslashes.
    $_POST['name'] = stripslashes($_POST['name']);
    $_POST['comment'] = stripslashes($_POST['comment']);

    // If everything's okay, proceed and send an email.
    if (!$problem) {
      $response1 = ''; // Clear redundant error message.
      $content = ''; // Empties textarea if successful.
      $ip = $_SERVER['REMOTE_ADDR'];
      $record_title = 'For your records...';
      $body = "Here is what they sent:\nTheir name is '{$_POST['name']}'\nTheir email address is '{$_POST['email']}'\nTheir IP address is '$ip'\nTheir enquiry is '{$_POST['comment']}'";
      $body = wordwrap($body, 70);
      $headers = '';
      $myname = $_POST['name'];
      $sourceemail = $_POST['email'];
      $thesubject = 'Email enquiry from ' . $_POST['name'] . ' on your website.';
      // Additional headers:
      $headers .= "From: " . $myname . " <" . $sourceemail . ">\n";
      $headers .= 'Subject: ' . $thesubject . "\n";
      $headers .= "Return-path: " . $sourceemail . "\n";
      $headers .= "Reply-To: " . $sourceemail . "\n";
      $headers .= "Content-type: text;\n";
      $headers .= "Mime-Version: 1.0\n";
     
      mail ($adminEmail, $subject, $body, $headers);

      // Confirmation message:
      $body2 = "Hello {$_POST['name']}.\n\nYour comment/enquiry to Your Name at www.yourdomain.com has been received, and was:\n\n'{$_POST['comment']}'\n\nPlease do not reply directly to this auto-response message.";
      $body2 = wordwrap($body2, 70);
      mail ($_POST['email'], $record_title, $body2, 'From: auto-response');
      $response0 = 'Your comment/enquiry has been received, thankyou.';
    } else {
      $content = ($_POST['comment']);
      $response3 = 'Please try again.';
      $response4 = 'Please return to the form and complete.';
    }

  }

?>
<?php $thisLocation = 'root'; ?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head profile="http://gmpg.org/xfn/11">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title><?php echo $siteTitle ?></title>
<meta name="description" content="<?php echo $metaDescription ?>" />
<meta name="keywords" content="<?php echo $metaKeyWords ?>" />
<?php require_once('cms/admin/theme/maintheme.php');?>
</head>
<body>

<div id="wrap">
	<div id="header">
  <?php  require_once('cms/includes/header.php'); echo "\n"; ?>
  </div>
	<div id="content">
<?php
require_once('config.php');
  include ('cms/functions/le-format.php');
  include ('cms/functions/convert-characters.php');

?>

<h1>Contact Page</h1>

<h3>Comments or enquiries welcome</h3>

<p>Feel free to use the contact form below to submit comments or to make an enquiry. It will send an email to me, Your Name. All fields required, but please note that your email address will not be used for any purpose other than to send to you (for your records) a copy of your comments or enquiry.</p>

<h3>Contact form</h3>
<?php

  // Response section
  if (isset($_POST['submit'])) {
    echo '				<div class="response">';
    echo "\n\n";
    echo '<p>';
    echo $response0;
    echo $response1;
    echo $response2;
    echo $response3;
    echo '</p>';
    echo "\n\n";
    echo '				</div><!-- response_eof //-->';
    echo "\n";
  }

?>

<form method="post" id="contactform" action="<?php echo $_SERVER['PHP_SELF']; ?>">

<p><input type="text" name="name" id="name" class="fixedwidth" size="22" value="<?php if (isset($_POST['submit'])) echo $_POST['name']; ?>" maxlength="60" tabindex="1" /><label for="name">Your name</label></p>

<p><input type="text" name="email" id="email" class="fixedwidth" size="22" value="<?php if (isset($_POST['submit'])) echo ($_POST['email']); ?>" maxlength="150" tabindex="2" /><label for="email">Your email address</label></p>

<p><textarea name="comment" id="comment" rows="10" cols="100%"><?php if (isset($_POST['submit'])) echo $content; ?></textarea></p>

<p><input type="submit" name="submit" id="submit" value="Submit" /></p>

</form>

<!-- p>Telephone contact:<br />Your Number</p -->

	</div><!-- content_eof //-->
	<div id="navigation">

<ul id="menu">
<li><a href="<?php echo $wwwroot ?>" title="Home Page">Home Page</a></li>
<?php

  include ('cms/classes/makebutton.class.php');
  include ('cms/includes/menu.php');

?>
<li><strong>Contact</strong></li>
</ul>

	</div><!-- navigation_eof //-->
	<div id="extra">

<?php include ('cms/includes/extra.php'); echo "\n"; ?>

	</div><!-- extra_eof //-->
	<div id="search">

<?php include ('cms/includes/searchform.php'); ?>

	</div><!-- search_eof //-->
	<div id="footer">

<p><?php include ('cms/includes/footer.inc'); ?></p>

<?php include ('cms/includes/tracking.php'); 
?>

	</div><!-- footer_eof //-->
</div><!-- wrap_eof //-->

</body>
</html>
